VMware Integrated OpenStack Installation and Configuration ... · n Ceilometer (telemetry),...

VMware Integrated OpenStack Installation and Configuration Guide

Modified on 13 JAN 2020VMware Integrated OpenStack 6.0

You can find the most up-to-date technical documentation on the VMware website at:

https://docs.vmware.com/

If you have comments about this documentation, submit your feedback to

[email protected]

VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com

Copyright © 2015-2020 VMware, Inc. All rights reserved. Copyright and trademark information.


VMware, Inc. 2

https://docs.vmware.com/

mailto:[email protected]

http://pubs.vmware.com/copyright-trademark.html

Contents

1 VMware Integrated OpenStack Installation and Configuration Guide 4

2 Introducing VMware Integrated OpenStack 5VMware Integrated OpenStack Architecture 5

Internationalization and Unicode Support 7

OpenStack Foundation Compliance 7

VMware Integrated OpenStack Licensing 8

Datastore Clusters in VMware Integrated OpenStack 8

First Class Disks in VMware Integrated OpenStack 9

3 Preparing Your Environment 11Hardware Requirements for VMware Integrated OpenStack 11

Software Requirements for VMware Integrated OpenStack 12

Configure vCenter Server for OpenStack 13

Configure NSX Data Center for vSphere for OpenStack 15

Configure NSX-T Data Center for OpenStack 15

4 Installing VMware Integrated OpenStack 22Install the VMware Integrated OpenStack Virtual Appliance 22

Create an OpenStack Deployment 25

Assign the VMware Integrated OpenStack License Key 29

5 Configuring Additional Components and Features 31Integrate VMware Integrated OpenStack with vRealize Operations Manager 31

Integrate VMware Integrated OpenStack with vRealize Log Insight 32

Enable the Designate Component 33

Enable Carrier Edition Features 36

Enable the Ceilometer Component 36

6 Upgrading VMware Integrated OpenStack 38Upgrade VMware Integrated OpenStack 38

Add IP Addresses to the Network Configuration 40

Install the New Virtual Appliance 41

Migrate to the New VMware Integrated OpenStack Deployment 43

Upgrade and Assign Your License Key 45

Delete the Old VMware Integrated OpenStack Deployment 46

Revert to a Previous VMware Integrated OpenStack Deployment 46

VMware, Inc. 3

VMware Integrated OpenStack Installation and Configuration Guide 1The VMware Integrated OpenStack Installation and Configuration Guide explains the process of deploying OpenStack in your VMware vSphere® environment.

Before installing VMware Integrated OpenStack, review the deployment and networking modes described in this guide and ensure that your environment meets the stated requirements. Once you are ready, prepare your vCenter Server® instance and deploy the VMware Integrated OpenStack virtual appliance. The virtual appliance installs the Integrated OpenStack Manager, which streamlines the process of deploying OpenStack. After deployment, you can use the Integrated OpenStack Manager to add components or otherwise modify the configuration of your OpenStack cloud infrastructure.

Intended AudienceThis guide is for system administrators and developers who want to integrate their vSphere deployment with OpenStack services. To do so successfully, you should be familiar with vSphere and the OpenStack components and functions. If you are deploying VMware Integrated OpenStack with VMware NSX® Data Center for vSphere® or NSX-T™ Data Center, you should also be familiar with the administration of those products.

VMware, Inc. 4

Introducing VMware Integrated OpenStack 2VMware Integrated OpenStack is a distribution of OpenStack designed to run on a vSphere infrastructure. VMware Integrated OpenStack 6.0 is based on the OpenStack Stein release.

VMware Integrated OpenStack makes use of your existing infrastructure for the hypervisor, networking, and storage components for OpenStack, simplifying installation and operations and offering better performance and stability.

VMware Integrated OpenStack offers a variety of unique features:

n vCenter Server cluster as the compute node for reduced management complexity

n Distributed Resource Scheduler (DRS) and Storage DRS for workload rebalancing and datastore load balancing

n vSphere high availability (HA) to protect and automatically restart workloads

n Support for importing vSphere virtual machines and templates into OpenStack

n Advanced networking functionality through NSX

n Integration with products such as vRealize Operations Manager and vRealize Log Insight

This chapter includes the following topics:

n VMware Integrated OpenStack Architecture

n Internationalization and Unicode Support

n OpenStack Foundation Compliance

n VMware Integrated OpenStack Licensing

n Datastore Clusters in VMware Integrated OpenStack

n First Class Disks in VMware Integrated OpenStack

VMware Integrated OpenStack ArchitectureVMware Integrated OpenStack connects vSphere resources to OpenStack components.

VMware, Inc. 5

VMware Integrated OpenStack is implemented as compute and management clusters in your vSphere environment. The compute clusters handle tenant workloads, while the management cluster contains OpenStack components and other services such as load balancing, database, and DHCP.

The core OpenStack projects included in VMware Integrated OpenStack are as follows:

Nova (compute) Compute clusters in vSphere are used as Nova compute nodes. Nova creates instances as virtual machines in these clusters, and vSphere uses DRS to place the virtual machines.

Neutron (networking) Neutron implements networking functions by communicating with the NSX Manager (for NSX-T Data Center or NSX Data Center for vSphere deployments) or with vCenter Server (for VDS-only deployments).

Cinder (block storage) Cinder executes block volume operations through the VMDK driver, causing the desired volumes to be created in vSphere.

Glance (image service) Glance images are stored and cached in a dedicated image service datastore when the virtual machines that use them are booted.

Keystone (identity management)

Authentication and authorization in OpenStack are managed by Keystone.

VMware Integrated OpenStack also provides the following OpenStack components:

n Barbican (secret management)

n Ceilometer (telemetry), including Aodh (alarming), Panko (event storage), and Gnocchi (time series database)

n Designate (DNS)

n Heat (orchestration)

n Horizon (user interface)

n Swift (object storage) - technical preview only


VMware, Inc. 6

Figure 2-1. Overview of VMware Integrated OpenStack Components

Horizon(Web Portal) CLI Tools and SDKs Heat

(Orchestration)Aodh, Panko, and Gnocchi

(Alarms, Events, and Monitoring)Designate(DNSaaS)

Nova(Compute)

Neutron(Networking)

Cinder(Block Storage)

Glance(Images)

Swift(Object Storage)

Keystone(Identity)

vCenter NSX vCenter Datastores(vSAN or Third Party)

vSphere(Installation,

Configuration, and Troubleshooting)

vRealize Log Insight(Log Collection and

OpenStack Content Pack)

vRealize Operations(OpenStack

Management Pack)

Basic OpenSource

Third-PartyObject Storage

Local Database LDAP

vRealize Business for Cloud(Cost Visibility, Governance, etc.)

OpenStack components

VMware components

Third-party components

Internationalization and Unicode SupportVMware Integrated OpenStack supports UTF-8 character encoding, and its interface and documentation are available in English, French, German, Spanish, Japanese, Korean, Simplified Chinese, and Traditional Chinese.

If you are using Linux to access VMware Integrated OpenStack, configure the system to use the UTF-8 encoding specific to your locale. For example, to use U.S. English, specify the en_US.UTF-8 locale. For more information, see the documentation for your operating system.

Important Although VMware Integrated OpenStack supports Unicode, the following items must only contain ASCII characters:

n Names of OpenStack resources (such as project, users, and images)

n Names of infrastructure components (such as ESXi hosts, port groups, data centers, and datastores)

n LDAP and Active Directory attributes

OpenStack Foundation ComplianceEvery new version of VMware Integrated OpenStack complies with the most recent interoperability guidelines available at the time of release.

Interoperability guidelines are created in the OpenStack community by the Interop Working Group and are approved by the OpenStack Foundation Board of Directors.

As an OpenStack Powered Platform product, VMware Integrated OpenStack provides proven interoperability with all other OpenStack Powered products. For more information, see the VMware Integrated OpenStack page on OpenStack Marketplace at https://www.openstack.org/marketplace/distros/distribution/vmware/vmware-integrated-openstack.


VMware, Inc. 7

https://www.openstack.org/marketplace/distros/distribution/vmware/vmware-integrated-openstack

https://www.openstack.org/marketplace/distros/distribution/vmware/vmware-integrated-openstack

VMware Integrated OpenStack LicensingVMware Integrated OpenStack requires a license key to provide functionality. Licenses are available for VMware Integrated OpenStack Data Center Edition and Carrier Edition

Data Center Edition is available as a standalone product or as part of VMware vRealize Suite. It is designed for enterprises that want to build a private cloud based on OpenStack.

Carrier Edition is part of the VMware vCloud NFV bundle. It is designed for telecommunications companies and communication service providers that want to build a network functions virtualization (NFV) cloud. In addition to all features of Data Center Edition, it supports the following:

n SR-IOV

n Tenant data centers

n Enhanced Platform Awareness (EPA), including virtual CPU pinning and NUMA awareness

n NSX-managed virtual distributed switch (N-VDS) in enhanced data path mode

To obtain licenses or additional information, see the VMware Integrated OpenStack product page at https://www.vmware.com/products/openstack.html or contact your VMware sales representative.

You can use VMware Integrated OpenStack in evaluation mode for 60 days by assigning an evaluation license. When the evaluation license expires, all Carrier Edition features are disabled. Obtain and assign your VMware Integrated OpenStack license key as soon as possible after installing VMware Integrated OpenStack.

In addition to the VMware Integrated OpenStack license, you will also need sufficient licenses for vSphere and for any other VMware components that you deploy, such as NSX-T Data Center.

Datastore Clusters in VMware Integrated OpenStackYou can use datastore clusters in the ESXi clusters that host VMware Integrated OpenStack compute workloads.

A datastore cluster is a collection of datastores with shared resources and a shared management interface. You can use vSphere Storage DRS to manage the resources in a datastore cluster. For information about creating and configuring datastore clusters, see "Creating a Datastore Cluster" in vSphere Resource Management.

If you want to use datastore clusters with VMware Integrated OpenStack, be aware of the following:

n When you deploy OpenStack, you cannot select a datastore cluster for the compute or block storage component to consume. Specify the desired datastore cluster after the deployment is complete..

n Only one datastore cluster can be used for each vCenter Server instance.

n If your environment has multiple vCenter Server instances, the name of the datastore cluster used by VMware Integrated OpenStack in each instance must be the same.

n Swift nodes do not support datastore clusters.


VMware, Inc. 8

https://www.vmware.com/products/openstack.html

n You can boot only images backed by virtual machines. Sparse and preallocated images cannot be booted on datastore clusters.

n You must enable Storage DRS on your datastore clusters and set the Cluster automation level to No Automation (Manual Mode). Automatic migrations are not supported.

n Only the following provisioning operations use Storage DRS:

n Booting from a Glance template image

n Creating raw Cinder volumes

n Creating a volume from another volume (full clones and linked clones)

n Cloning snapshots in COW format (full clones and linked clones)

First Class Disks in VMware Integrated OpenStackIn VMware Integrated OpenStack 6.0, you can create Cinder volumes as First Class Disks (FCDs) instead of VMDKs.

An FCD, also known as an Improved Virtual Disk (IVD) or Managed Virtual Disk, is a named virtual disk independent of a virtual machine. Using FCDs for Cinder volumes eliminates the need for shadow virtual machines.

The FCD back end is offered in addition to the default VMDK back end. If you select FCD as the back-end driver for Cinder, you can use both FCD and VMDK volumes in the same deployment. You can also attach FCD and VMDK volumes to the same OpenStack instance.

To specify the back-end driver used for volume creation, create volume types with the volume_backend_name extra spec set to the name of the desired driver. Then select the volume type when you create volumes.

Existing VMDK volumes cannot be automatically converted to FCD volumes. To manually convert a VMDK volume, detach the volume from all instances, unmanage it, and manage it again. For information, see "Manage a Volume" in the VMware Integrated OpenStack Administration Guide.

If you want to use FCD volumes with VMware Integrated OpenStack, be aware of the following:

n vSphere 6.7 Update 2 or later is required to use FCD volumes.

n vSphere 6.7 Update 3 or later is required to perform the following operations on volumes that are attached to powered-on instances:

n Creating a volume from a snapshot

n Backing up a volume snapshot using a temporary volume created from a snapshot

n Storage DRS is not supported for FCD volumes.

n Volume multi-attach is not supported for FCD volumes.

n FCD volumes must be backed by a shared datastore.

n FCD volumes that are in use cannot be cloned, retyped, or extended.


VMware, Inc. 9

n After you set a storage policy on an FCD volume, you cannot remove the storage policy from the volume. However, you can change the storage policy used by an unattached volume.

n Instances that have an FCD volume attached cannot be migrated. You must detach the volume before migrating the instance.

n FCD volumes with snapshots cannot be extended.


VMware, Inc. 10

Preparing Your Environment 3Before deploying VMware Integrated OpenStack, ensure that your environment meets the system requirements and perform pre-installation tasks to prepare your networks and vSphere infrastructure.


n Hardware Requirements for VMware Integrated OpenStack

n Software Requirements for VMware Integrated OpenStack

n Configure vCenter Server for OpenStack

n Configure NSX Data Center for vSphere for OpenStack

n Configure NSX-T Data Center for OpenStack

Hardware Requirements for VMware Integrated OpenStackThe specific hardware required to run VMware Integrated OpenStack depends on the scale of your deployment and size of controller that you select.

The Integrated OpenStack Manager requires the following hardware resources:

n 4 vCPUs

n 16 GB of memory

n Two 30 GB hard disks

A non-HA deployment requires between one and ten controllers. An HA deployment requires between three and ten controllers. The supported controller sizes are as follows:

n Small: 4 vCPUs, 16 GB of memory, and one 25 GB hard disk

n Medium: 8 vCPUs and 32 GB of memory, and one 25 GB hard disk

n Large: 12 vCPUs and 32 GB of memory, and one 25 GB hard disk

Note The small size can be used in HA deployments only. Non-HA deployments must use medium or large controllers.

VMware, Inc. 11

The following persistent volumes are also required:

n MariaDB: one 60 GB hard disk for non-HA deployments or three 60 GB hard disks for HA deployments

n RabbitMQ: one 20 GB for non-HA deployments or three 20 GB hard disks for HA deployments

n Virtual Serial Port Concentrator (VSPC): one 2 GB hard disk per Nova compute instance

The following table lists minimum and maximum resource requirements for typical configurations.

Deployment Type vCPUs MemoryDisk Space (Non-Persistent)

Disk Space (Persistent)

Single-node non-HA deployment (minimum)

12 (4 + 8) 48 GB (16 + 32) 85 GB (30×2 + 25) 82 GB (60 + 20 + 2)

Single-node non-HA deployment (maximum)

16 (4 + 12) 48 GB (16 + 32) 85 GB (30×2 + 25) 82 GB (60 + 20 + 2)

Three-node HA deployment (minimum)

16 (4 + 4×3) 64 GB (16 + 16×3) 135 GB (30×2 + 25×3) 246 GB (60×3 + 20×3 + 2×3)

Three-node HA deployment (maximum)

40 (4 + 12×3) 112 GB (16 + 32×3) 135 GB (30×2 + 25×3) 246 GB (60×3 + 20×3 + 2×3)

Five-node HA deployment (minimum)

24 (4 + 4×5) 96 GB (16 + 16×5) 185 GB (30×2 + 25×5) 246 GB (60×3 + 20×3 + 2×3)

Five-node HA deployment (maximum)

64 (4 + 12×5) 176 GB (16 + 32×5) 185 GB (30×2 + 25×5) 246 GB (60×3 + 20×3 + 2×3)

Note If you want to enable Ceilometer, the CPUs on the ESXi host running the Integrated OpenStack Manager must support Advanced Vector Extensions (AVX).

If you want to deploy VMware Integrated OpenStack with NSX-T Data Center or NSX Data Center for vSphere networking, additional resources may be required.

n For NSX-T Data Center, see "System Requirements" in the NSX-T Data Center Installation Guide.

n For NSX Data Center for vSphere, see "System Requirements for NSX Data Center for vSphere" in the NSX Installation Guide.

Software Requirements for VMware Integrated OpenStackVMware Integrated OpenStack works together with various software products to provide functionality.

VMware Integrated OpenStack 6.0 requires the following products:

n vSphere Enterprise Plus Edition, version 6.7 Update 2 or later, including:

n vCenter Server 6.7 Update 2 or later

n ESXi 6.7 Update 2 or later

n (NSX-T Data Center deployments only) NSX-T Data Center Advanced Edition, version 2.3.0 or later


VMware, Inc. 12

n (NSX Data Center for vSphere deployments only) NSX Data Center for vSphere 6.4.5 or later

Note If you want to deploy VMware Integrated OpenStack with VDS networking only, NSX is not required.

You can optimize performance by using a separate vCenter Server instance dedicated to VMware Integrated OpenStack.

VMware Integrated OpenStack 6.0 is also compatible with the following products:

n vSAN 6.7 Update 2 or later

n VMware Identity Manager 3.3 or later

n vRealize Log Insight 4.6.1 or later with VMware OpenStack Content Pack 1.3

n vRealize Operations Manager 7.5 or later with vRealize Operations Management Pack for VMware Integrated OpenStack 5.0

The Integrated OpenStack Manager web interface supports the following web browsers:

n Google Chrome version 50 and later

n Mozilla Firefox version 45 and later

n (Windows only) Microsoft Edge version 38 and later

For the most current information about supported versions, see the VMware Product Interoperability Matrices at https://www.vmware.com/resources/compatibility/sim/interop_matrix.php.

Configure vCenter Server for OpenStackBefore installing the VMware Integrated OpenStack OVA, configure your environment as described in the following procedure.

Prerequisites

n Deploy vCenter Server and all ESXi hosts.

n Enable NTP on vCenter Server and on all ESXi hosts. Configure vCenter Server and ESXi hosts to use the same NTP time source, and ensure that the time source is highly available. For information about configuring NTP in vSphere, see "Synchronizing Clocks on the vSphere Network" in the vSphere Security guide.

n Create a PTR record associating the IP address planned for the Integrated OpenStack Manager with its FQDN, and ensure that the Integrated OpenStack Manager can connect to a DNS server.

Procedure

1 In vCenter Server, create a data center for VMware Integrated OpenStack.

2 In the data center, create the management cluster and compute cluster.

3 If you want to use NSX networking, create the edge cluster.


VMware, Inc. 13

https://www.vmware.com/resources/compatibility/sim/interop_matrix.php

4 Enable DRS and vSphere HA on the management cluster.

Note After deploying OpenStack, disable vSphere HA on all controller nodes.

5 Create a resource pool in the management cluster.

6 For NSX Data Center for vSphere deployments, create a resource pool in the edge cluster.

7 If you want to use datastore clusters for compute nodes, enable Storage DRS on the datastore clusters and set the Cluster automation level to No Automation (Manual Mode).

8 In your data center, create one or more distributed switches for your management, compute, and edge clusters.

9 On each distributed switch, set the maximum transmission unit (MTU) to 1600 or higher.

10 Plan the management network and assign a dedicated VLAN to it.

n If you do not want to use DHCP, ensure that the management network has at least five contiguous IP addresses available.

n Ensure that the management network can be expanded to twice the original number of IP addresses during upgrades. When upgrading VMware Integrated OpenStack, you will temporarily require sufficient IP addresses to support two deployments.

n For NSX-T Data Center deployments, ensure that the vCenter Server, NSX Manager, and NSX Controller instances can access the management network on Layer 2 or Layer 3.

n For NSX Data Center for vSphere deployments, if you want to use the management network for metadata service, ensure that the management network has an additional two contiguous IP addresses available. This is not required for deployments with an independent metadata service network.

11 Plan the API access network and assign a dedicated VLAN to it.

n Create the port group for the API access network on the distributed switches for your management, compute, and edge clusters. The network must be externally accessible.

n If you do not want to use DHCP, ensure that the API access network has at least four contiguous IP addresses available.

n Ensure that the API access network can be expanded to twice the original number of IP addresses during upgrades. When upgrading VMware Integrated OpenStack, you will temporarily require sufficient IP addresses to support two deployments.

12 For NSX Data Center for vSphere deployments, create the port group for the external network on the distributed switch for the edge cluster.

13 (Optional) For NSX Data Center for vSphere deployments, plan the metadata service network.

n Ensure that the metadata service network has at least two contiguous IP addresses available. If you do not create an independent metadata service network, ensure that your management network has two additional IP addresses available for the metadata service.

n Ensure that the metadata service network can communicate with the management network.


VMware, Inc. 14

What to do next

If you want to use NSX networking, deploy and configure your networking back end.

n Configure NSX Data Center for vSphere for OpenStack

n Configure NSX-T Data Center for OpenStack

Configure NSX Data Center for vSphere for OpenStackIf you want to use NSX Data Center for vSphere as the networking solution for VMware Integrated OpenStack, deploy and configure NSX Data Center for vSphere as described in the following procedure.

Procedure

u Install NSX Data Center for vSphere as described in the NSX Installation Guide.

Note the following:

n The NSX Manager must be installed on the compute vCenter Server instance used by VMware Integrated OpenStack. Cross-vCenter Server installation is not supported.

n Ensure that the maximum transmission unit (MTU) on the transport network is set to 1600 or higher.

What to do next

Install VMware Integrated OpenStack. See Chapter 4 Installing VMware Integrated OpenStack.

Configure NSX-T Data Center for OpenStackIf you want to use NSX-T Data Center as the networking solution for VMware Integrated OpenStack, deploy and configure NSX-T Data Center as described in the following procedure.

Prerequisites

n Deploy vSphere, including vCenter Server and all ESXi hosts.

n Install NSX-T Data Center.

a Deploy NSX Manager. See "NSX Manager Installation" in the NSX-T Data Center Installation Guide.

b If you are using NSX-T Data Center 2.3.1, controllers must be deployed separately. See "NSX Controller Installation and Clustering" in the NSX-T Data Center Installation Guide.

c Add your vCenter Server instance as a compute manager. See "Add a Compute Manager" in the NSX-T Data Center Installation Guide.


VMware, Inc. 15

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.install.doc/GUID-D8578F6E-A40C-493A-9B43-877C2B75ED52.html

d If you want to use an NSX Manager cluster, deploy additional NSX Manager nodes. See "Deploy NSX Manager Nodes to Form a Cluster from UI" in the NSX-T Data Center Installation Guide.

Note An NSX Manager cluster provides high availability for a single NSX-T Data Center instance. Multiple instances of NSX-T Data Center cannot be used with the same VMware Integrated OpenStack deployment.

e Deploy NSX Edge nodes. See "Installing NSX Edge" in the NSX-T Data Center Installation Guide.

Procedure

1 Log in to the NSX Manager as an administrator.

2 Create an overlay transport zone.

a On the System tab, select Fabric > Transport Zones and click Add.

b Enter a name, description, and N-VDS name for the overlay transport zone.

The N-VDS name will be used for the N-VDS that is installed on transport nodes added to this transport zone.

c Select Standard or Enhanced Datapath for the N-VDS mode.

d Select Overlay for the traffic type.

e Click Add.

3 Create a VLAN transport zone.

a Select Fabric > Transport Zones and click Add.

b Enter a name, description, and N-VDS name for the overlay transport zone.

The N-VDS name will be used for the N-VDS that is installed on transport nodes added to this transport zone.

c Select Standard or Enhanced Datapath for the N-VDS mode.

d Select VLAN for the traffic type.

e Click Add.

4 Create an uplink profile.

a On the System tab, select Fabric > Profiles.

b On the Uplink Profiles tab, click Add.

Note If you are using a physical link on an ESXi host, you can modify the default policy instead of creating a new one.

c Enter a name and description for the profile.

d (Optional) Under LAGs, add and configure one or more link aggregation groups (LAGs).

e Under Teamings, add a new teaming policy or configure the default policy.


VMware, Inc. 16

f In the Active Uplinks column, define a custom uplink name.

If you are using a physical link on an ESXi host, you can also define a standby uplink name.

g In the Transport VLAN text box, enter the VLAN ID of the physical network.

h Enter a maximum transmission unit (MTU) of 1600 or higher.

i Click Add.

5 If you want to use N-VDS in standard mode, create a Network I/O Control (NIOC) profile.

a On the System tab, select Fabric > Profiles.

b On the NIOC Profiles tab, click Add.


d Set Status to Enabled.

e Under Host Infra Traffic Resource, specify the desired traffic types and bandwidth allocations.

f Click Add.

6 Create an IP address pool for tunnel endpoints.

a On the Advanced Networking & Security tab, select Inventory > Groups.

b On the IP Pools tab, click Add.

c Enter a name and description for the IP address pool.

d Under Subnets, click Add.

e Click the first entry under each column and specify the IP address range, gateway, and network address.

You can also specify DNS servers (separated by commas) and a DNS suffix.

f Click Add.

7 Add the ESXi hosts in your compute cluster to the NSX-T Data Center fabric.

a On the System tab, select Fabric > Nodes.

b On the Host Transport Nodes tab, click Add.

c Enter the name, management IP address, user name, and password of the host.

You can also enter a host thumbprint. If you do not enter a thumbprint, NSX-T Data Center will prompt you to use the default thumbprint provided by the host.

d Click Next.

e From the Transport Zone drop-down menu, select the overlay transport zone.

f From the N-VDS Name drop-down menu, select the N-VDS for the overlay transport zone.

g If you are using a standard N-VDS, select the NIOC profile that you created in this procedure.


VMware, Inc. 17

h From the Uplink Profile drop-down menu, select the uplink profile that you created in this procedure.

i From the LLDP Profile drop-down menu, select the desired LLDP profile.

j From the IP Assignment drop-down menu, select Use IP Pool.

k From the IP Pool drop-down menu, select the tunnel endpoint IP address pool that you created in this procedure.

l In the Physical NICs field, enter the name of an unused NIC on your host.

m From the drop-down menu, select the uplink name that you defined in the uplink profile.

n Click Add.

8 Add the NSX Edge nodes in your edge cluster to the NSX-T Data Center fabric.


b On the Edge Transport Nodes tab, click Add Edge VM.

c Enter the name, FQDN, and description of the transport node.

d Select a form factor for the edge virtual machine and click Next.

e Enter the credentials for the NSX Edge virtual machine and click Next.

f Select the compute manager that you configured in this procedure.

g Select the cluster, resource pool or host, and datastore for the NSX Edge virtual machine and click Next.

h Select whether to use DHCP or a static IP address for the NSX Edge virtual machine.

If you select Static, enter the management IP address and default gateway.

i From the Management Interface drop-down menu, select the management network.

j Click Next.

k From the Transport Zone drop-down menu, select the overlay and VLAN transport zones.

l From the Edge Switch Name drop-down menu, select the N-VDS for the overlay transport zone

m From the Uplink Profile drop-down menu, select the uplink profile that you created in this procedure.

n From the IP Assignment drop-down menu, select Use IP Pool.

o From the IP Pool drop-down menu, select the tunnel endpoint IP address pool that you created in this procedure.

p From the DPDK Fastpath Interfaces drop-down menu, select the uplink name that you defined in the uplink profile.

q Click Select Interface.

r Select the management network and click Save.


VMware, Inc. 18

s Click Add N-VDS.

t From the Edge Switch Name drop-down menu, select the N-VDS for the VLAN transport zone

u From the Uplink Profile drop-down menu, select the uplink profile that you created in this procedure.

v From the DPDK Fastpath Interfaces drop-down menu, select the uplink name that you defined in the uplink profile.

w Click Select Interface.

x Select the management network and click Save.

9 Create an edge cluster and add NSX Edge nodes to it.


b On the Edge Clusters tab, click Add.

c Enter a name and description for the cluster.

d Select an edge cluster profile from the drop-down list.

e From the Member Type drop-down list, select Edge Node.

f Select the NSX Edge nodes in the Available column and click the left arrow to move them to the Selected column.

g Click Add.

10 Create a logical switch.

a On the Advanced Networking & Security tab, select Networking > Switching.

b In the Switches tab, click Add.

c Enter a name and description for the switch.

d Select the VLAN transport zone.

e Select an uplink teaming policy.

f Specify the VLAN ID of the network.

g Click Add.

11 Create a tier-0 router.

a On the Advanced Networking & Security tab, select Networking > Routers.

b On the Routers tab, click Add > Tier-0 Router.

c Enter a name and description for the router.

d Select the edge cluster that you created in this procedure.

e Select Active-Active or Active-Standby as the high availability mode.


VMware, Inc. 19

f If you want to use Active-Standby mode, select Preemptive or Non-Preemptive as the failover mode and select a preferred member from the edge cluster.

g Click Add.

12 Create a port on the tier-0 router to associate with the upstream physical router.

a On the Advanced Networking & Security tab, select Networking > Routers.

b On the Routers tab, click the name of your tier-0 router.

c Select Configuration > Router Ports and click Add.

d Enter a name and description for the port.

e In the Type field, select Uplink.

f Enter a maximum transmission unit (MTU) of 1600 or higher.

g From the Transport Node drop-down list, select a member of the edge cluster.

h From the Logical Switch drop-down list, select the switch that you created in this procedure.

i Select Attach to new switch port and enter a name for the switch port.

j Under Subnets, click Add.

k Enter the IP address of the router port and its prefix length in bits.

Note This IP address cannot be within the subnet of any OpenStack external network.

l Click Add.

13 Create a DHCP server profile.

a On the Advanced Networking & Security tab, select Networking > DHCP.

b On the Server Profiles tab, click Add.


d Select the edge cluster that you created in this procedure.

e Click Add.

14 Create a metadata proxy server.

a On the Advanced Networking & Security tab, select Networking > DHCP.

b On the Metadata Proxies tab, click Add.

c Enter a name and description for the metadata proxy server.

d In the Nova Server URL field, enter the planned private OpenStack endpoint of your VMware Integrated OpenStack deployment.

VMware Integrated OpenStack uses the first IP address in the management network as the private OpenStack endpoint. If you are not certain which IP address will be used, you can enter a placeholder IP address and update this setting after you have deployed VMware Integrated OpenStack.


VMware, Inc. 20

e In the Secret field, enter a password to pair with your VMware Integrated OpenStack deployment.

f Select the edge cluster that you created in this procedure.

g Click Add.

What to do next

Install VMware Integrated OpenStack. See Chapter 4 Installing VMware Integrated OpenStack.


VMware, Inc. 21

Installing VMware Integrated OpenStack 4You obtain the VMware Integrated OpenStack OVA package, install it in vSphere, and then create an OpenStack deployment.

Procedure

1 Install the VMware Integrated OpenStack Virtual Appliance

You deploy the VMware Integrated OpenStack virtual appliance on your vCenter Server instance. This appliance includes the OpenStack Management Server, through which you deploy and maintain your OpenStack cloud infrastructure.

2 Create an OpenStack Deployment

You deploy OpenStack by using the Integrated OpenStack Manager web interface.

3 Assign the VMware Integrated OpenStack License Key

You assign a license key for VMware Integrated OpenStack to enable its features.

Install the VMware Integrated OpenStack Virtual ApplianceYou deploy the VMware Integrated OpenStack virtual appliance on your vCenter Server instance. This appliance includes the OpenStack Management Server, through which you deploy and maintain your OpenStack cloud infrastructure.

This procedure describes how to install the VMware Integrated OpenStack using the vSphere Client. If you want to use the OVF Tool to install the virtual appliance, you must include the --allowExtraConfig parameter.

Prerequisites

n Deploy or upgrade vSphere and any other VMware products that you want to use with VMware Integrated OpenStack.

n Verify that your hardware, networks, and vCenter Server instance are correctly prepared. See Chapter 3 Preparing Your Environment.

n Verify that DRS has been enabled on the management cluster for VMware Integrated OpenStack.

VMware, Inc. 22

n Obtain the VMware Integrated OpenStack 6.0 OVA file from the product download page at https://my.vmware.com/en/group/vmware/info?slug=infrastructure_operations_management/vmware_integrated_openstack/6_0. The file requires approximately 6 GB of storage space.

Procedure

1 Log in to the vSphere Client and select the Hosts and Clusters view.

2 Right-click the management cluster previously configured for VMware Integrated OpenStack and select Deploy OVF Template... from the pop-up menu.

3 Provide the path to the VMware Integrated OpenStack OVA and click Next.

4 Enter a name for the VMware Integrated OpenStack vApp, select the data center that you defined during preparation, and click Next.

Note The name of the VMware Integrated OpenStack vApp can contain only letters, numbers, and underscores (_). The name cannot exceed 60 characters, and the combination of the vApp name and cluster name cannot exceed 80 characters.

5 Select the cluster on which to run the vApp and click Next.

6 Review the details of the template to be installed and click Next.

7 Read the license agreements and select I accept all license agreements. Then click Next.

8 Specify a provisioning format and storage policy, select the datastore on which the vApp files will be stored, and click Next.

For more information about provisioning formats, see "About Virtual Disk Provisioning Policies" in vSphere Virtual Machine Administration.

9 In the Destination Network column, select the management network defined during preparation and click Next.


VMware, Inc. 23

https://my.vmware.com/en/group/vmware/info?slug=infrastructure_operations_management/vmware_integrated_openstack/5_1



10 On the Customize template page, enter additional settings for VMware Integrated OpenStack.

a Under Network properties, you can enter static IP addresses for the Integrated OpenStack Manager virtual machine and DNS server.

If you want to use DHCP, leave all fields blank. If you enter a static IP address for the Integrated OpenStack Manager, you must also enter the subnet mask, default gateway, and DNS server.

b Under System, enter an initial password for the administrator accounts on the Integrated OpenStack Manager.

This password is used for the admin account on the web interface and the root user on the Integrated OpenStack Manager virtual machine. The following rules apply to the password:

n The password must contain between 8 and 128 characters.

n The password must contain at least 1 uppercase letter, 1 lowercase letter, 1 digit, and 1 special character.

n The password cannot contain simplistic patterns, common words, or words derived from the name of the account.

c For Permit Root Logon, select true.

d Under Internal Network, enter the network address of the Kubernetes service network, the network address of the Kubernetes pod network, and the domain name suffix of the service network.

Important n The network settings cannot be changed after deployment. Ensure that each network is large

enough to support your deployment, including future expansion.

The pod network must contain enough IP addresses so that each manager and controller node in the deployment can be assigned a /24 CIDR block. For example, the network 192.168.0.0/22 can support a maximum of four nodes, and the network 192.168.0.0/21 can support a maximum of eight nodes.

n The service and pod networks must be valid private networks as defined by RFC 1918.

n The service and pod networks must not overlap each other or any existing networks.

n The service network domain suffix must not overlap any existing domains. For example, if your current domain is named corp.local, you cannot use cluster.local as your service network domain. Use a different domain suffix, such as cluster.example.


VMware, Inc. 24

e (Optional) Under Log Management, enter the IP address and port number of your log analytics server.

You can add or update the log analytics server information after the deployment is finished.

f Under Time Management, enter one or more NTP servers to use for time synchronization.

All VMware Integrated OpenStack virtual machines must use a single, highly available time source. If you cannot configure a time source on all ESXi hosts, you must enter an NTP server in this field.

11 Once All properties have valid values is displayed in the upper left of the page, click Next.

12 On the Ready to complete page, review your settings. When you are satisfied that the settings are correct, click Finish to install the virtual appliance.

13 Right-click the name of the VMware Integrated OpenStack virtual appliance and select Power > Power On.

14 Select the Integrated OpenStack Manager virtual machine in the virtual appliance and record its IP address.

You can access this IP address to log in to the Integrated OpenStack Manager through the web interface or SSH.

What to do next

Use the Integrated OpenStack Manager web interface to create an OpenStack deployment and assign a license key.

Create an OpenStack DeploymentYou deploy OpenStack by using the Integrated OpenStack Manager web interface.

Prerequisites

n Prepare your networks and vCenter Server environment. See Chapter 3 Preparing Your Environment.

n Install VMware Integrated OpenStack on your vCenter Server instance. See Install the VMware Integrated OpenStack Virtual Appliance.

n In vSphere, take a snapshot of the Integrated OpenStack Manager virtual machine. This snapshot will be needed if you want to delete and recreate your deployment.

n Verify that all required clusters and datastores are available. If you add any resources to your vSphere environment after starting the deployment wizard, you must close and reopen the wizard before your changes can be displayed.

n Verify that the DNS server is set correctly and that the network gateway or firewall forwards DNS requests on private networks.

n For NSX-T Data Center deployments, obtain the values of the following parameters:

n FQDN or IP address of the NSX Manager


VMware, Inc. 25

n Username and password to access the NSX Manager

n Overlay transport zone

n VLAN transport zone

n Tier-0 router

n DHCP profile

n Metadata proxy server and secret

n For NSX Data Center for vSphere deployments, obtain the values of the following parameters:

n FQDN or IP address of the NSX Manager

n Username and password to access the NSX Manager

n Transport zone

n Edge cluster

n Resource pool and datastore for the edge cluster

n Distributed switch for NSX Data Center for vSphere

n Port group for the external network

n Port group for the metadata service network (if independent from the management network)

Procedure

1 Log in to the Integrated OpenStack Manager web interface as the admin user.

You can access the web interface by opening the IP address of the Integrated OpenStack Manager in a web browser. To find the IP address, select the Integrated OpenStack Manager virtual machine in the vSphere Client and view the Summary tab.

2 Select OpenStack Deployment and click Add.

3 Select whether you want to create a new deployment or use an exported template to populate settings.

Note n Passwords are not saved in exported templates. You must enter each password and validate it

before additional settings can be populated.

n Additional vCenter Server instances are not saved in exported templates. You must add vCenter Server instances manually before their settings can be populated.

4 Specify the deployment name, deployment mode, number of controllers, and controller size.

For non-HA mode, you can deploy with one medium or large controller. For HA mode, you can deploy with 3 or 5 controllers of any size.

After deployment, you can scale out your control plane and convert non-HA deployments to HA mode. However, you cannot scale in your control plane or convert HA deployments to non-HA mode.


VMware, Inc. 26

5 Click Next.

6 Enter the FQDN or IP address of your management vCenter Server instance and specify its administrator credentials.

Note If you want to deploy VMware Integrated OpenStack with NSX Data Center for vSphere networking, you must enter the location of the vCenter Server instance in the format in which it was registered with NSX Manager. To find the correct format, log in to NSX Manager, click Manage vCenter Registration, and view the vCenter Server section. Ensure that the value entered in VMware Integrated OpenStack is the same as the value displayed in the vCenter Server section in NSX Manager.

7 If the Integrated OpenStack Manager connects to the vCenter Server instance over a private, secure network and you need to disable certificate validation, select the Ignore vCenter Server certificate validation check box.

8 Click Next.

9 Under Management network, select the management network from the drop-down menu, choose whether to enable DHCP, and specify an IP address for the private OpenStack endpoint.

If you disable DHCP, you must enter one or more IP address ranges for the network, the subnet mask for those ranges, the gateway address, and one or more DNS servers.

Note The total number of IP addresses in the management network cannot exceed 100. The IP address of the private OpenStack endpoint cannot be included in any IP address range specified for the management network.

10 Under API network, select the API access network from the drop-down menu, choose whether to enable DHCP, and specify an IP address for the public OpenStack endpoint.

If you disable DHCP, you must enter one or more IP address ranges for the network, the subnet mask for those ranges, the gateway address, and one or more DNS servers.

Note The total number of IP addresses in the API access network cannot exceed 100. The IP address of the public OpenStack endpoint cannot be included in any IP address range specified for the API access network.

11 Under Control plane resources, select the vSphere data center, resource pool, and datastore that you want to use for the OpenStack control plane.

Note The datastore cannot be changed after the control plane has been deployed.

12 Under Persistent storage, select a datastore and click Next.

13 Select a networking mode from the drop-down menu.

Important You cannot change the networking mode after deploying OpenStack. If you need to switch to a different networking mode, you must redeploy.


VMware, Inc. 27

14 Enter the parameters for your networking back end.

n If you selected NSX Policy or NSX-T, perform the following steps:

a Enter the FQDN or IP address of the NSX Manager and its administrator credentials, and click Validate.

Note If you have deployed an NSX Manager cluster, specify only the parent NSX Manager node at this time. After OpenStack is deployed, specify the additional nodes as described in Configure VMware Integrated OpenStack with an NSX Manager Cluster" in the VMware Integrated OpenStack Administration Guide.

b Select the default transport zones, tier-0 router, DHCP server profile, and metadata proxy server from the drop-down menus.

c Enter the secret for the metadata proxy server and click Next.

n If you selected NSX-V, perform the following steps:

a Select the vCenter Server instance containing your NSX Data Center for vSphere deployment from the drop-down menu.

If the correct instance is not displayed, click the Add (plus sign) icon to enter its location and credentials.

b Enter the FQDN or IP address of the NSX Manager and its administrator credentials, and click Validate.

c Select the transport zone to carry traffic between instances.

d Select the edge cluster, resource pool, and datastore on which to deploy NSX Edge nodes.

e Select the vSphere Distributed Switch to support NSX Data Center for vSphere networking.

f Select the default size for exclusive and shared router appliances.

g Select whether to enable high availability (HA) for NSX Edge nodes.

h Enter the port group, IP address range, and subnet mask for the metadata service network and click Next.

n If you selected DVS, specify the distributed switch and trunk network to use for OpenStack and click Next.

15 Under Nova configuration, click Add and select the vCenter Server instance containing your compute cluster.

16 Enter a Nova availability zone for the instances in the target cluster.

17 Select the desired cluster and datastore and click Submit.

You can click Add again to include multiple compute clusters in your deployment.

18 Confirm your compute settings and click Next.

19 Under Glance configuration, click Add and select the vCenter Server instance containing the datastore that you want to use to store images.


VMware, Inc. 28

20 Select one or more datastores and click OK.

21 Confirm your image datastore settings and click Next.

22 Under Cinder configuration, click Add and select the vCenter Server instance containing the cluster that you want to use for block storage.

23 Select VMDK or FCD as the backend driver.

24 Enter an availability zone for the target cluster.

25 Select one or more clusters and click OK.

26 Confirm your block storage settings and click Next.

27 Under Local admin user, enter the password of the OpenStack administrator account and click Next.

This password is used to authenticate with OpenStack and the VMware Integrated OpenStack dashboard as the cloud administrator.

Important Do not select Configure identity source and configure LDAP at this time. For new deployments of VMware Integrated OpenStack 6.0, you can configure LDAP only after the deployment has finished. For instructions, see "Configure LDAP Authentication" in the VMware Integrated OpenStack Administration Guide.

28 Select whether you want to enable VMware Integrated OpenStack Carrier Edition and click Next.

29 Under Barbican configuration, select Simple Crypto or KMIP as the plugin for secret management.

If you select KMIP, you must enter the hostname and credentials for your KMIP server.

30 Review your settings. When you are satisfied that the settings are correct, click Finish.

The Integrated OpenStack Manager begins to deploy your OpenStack cloud, and the status of the deployment is displayed as Provisioning. When the status changes to Running, the deployment is finished.

Note Do not scale out the deployment or add components (such as Designate) while the deployment is in the Provisioning state.

What to do next

n Disable vSphere HA on all controller nodes.

n Assign a license key and verify that your OpenStack cloud is deployed and running correctly.

Assign the VMware Integrated OpenStack License KeyYou assign a license key for VMware Integrated OpenStack to enable its features.

For more information about licensing, see VMware Integrated OpenStack Licensing.


VMware, Inc. 29

Prerequisites

n Install VMware Integrated OpenStack.

n Obtain your VMware Integrated OpenStack license key from the license portal at https://my.vmware.com/group/vmware/my-licenses.

Procedure

1 Log in to the OpenStack Management Server web interface as the admin user.

2 Select Licenses and click Add.

3 Enter a name for your license key.

The name cannot exceed 253 characters. It can only contain letters, digits, spaces, hyphens (-), and periods (.) and must start and end with a letter or digit.

4 Enter your license key and click OK.

5 Select your license key, click Assign, and click OK.

Your license key is displayed in the table with related information. You can repeat this procedure to add more licenses as needed for your deployment.


VMware, Inc. 30

https://my.vmware.com/group/vmware/my-licenses

https://my.vmware.com/group/vmware/my-licenses

Configuring Additional Components and Features 5After installing VMware Integrated OpenStack, you can configure additional OpenStack components and integrate your deployment with vRealize Operations Manager.


n Integrate VMware Integrated OpenStack with vRealize Operations Manager

n Integrate VMware Integrated OpenStack with vRealize Log Insight

n Enable the Designate Component

n Enable Carrier Edition Features

n Enable the Ceilometer Component

Integrate VMware Integrated OpenStack with vRealize Operations ManagerYou can monitor OpenStack resources in vRealize Operations Manager by installing the vRealize Operations Management Pack for VMware Integrated OpenStack.

Prerequisites

If you have already installed the vRealize Operations Management Pack for NSX-T version 2.0, uninstall the management pack before proceeding. You can reinstall version 2.0 after the vRealize Operations Management Pack for VMware Integrated OpenStack has been installed.

Procedure

1 Deploy and configure vRealize Operations Manager.

See VMware vRealize Operations Manager Help.

2 Install and configure the vRealize Operations Management Pack for VMware Integrated OpenStack.

See "Installing and Configuring the Management Pack for VMware Integrated OpenStack" in the VMware vRealize Operations Management Pack for VMware Integrated OpenStack document.

You can view VMware Integrated OpenStack objects on the dashboards displayed in vRealize Operations Manager.

VMware, Inc. 31

What to do next

Configure the vCenter Adapter. For information, see "VMware vSphere Solution in vRealize Operations Manager" in the vRealize Operations Manager Help document.

For NSX deployments, you can also configure the vRealize Operations Management Pack for NSX-T or vRealize Operations Management Pack for NSX for vSphere.

n For information about the vRealize Operations Management Pack for NSX-T, see the VMware vRealize Operations Management Pack for NSX-T document.

n For information about the vRealize Operations Management Pack for NSX for vSphere, see documentation under the Resources tab on the vRealize Operations Management Pack for NSX for vSphere page on VMware Solution Exchange at https://marketplace.vmware.com/vsx/solutions/management-pack-for-nsx-for-vsphere.

Integrate VMware Integrated OpenStack with vRealize Log InsightYou can monitor OpenStack data in vRealize Log Insight using dashboards provided by the VMware OpenStack Content Pack.

For more information about the VMware OpenStack Content Pack, see the VMware OpenStack Content Pack page at https://marketplace.vmware.com/vsx/solutions/openstack-content-pack.

Prerequisites

Deploy vRealize Log Insight. See the Getting Started document for your version of vRealize Log Insight.

Procedure

1 Install the VMware OpenStack Content Pack in vRealize Log Insight.

a Log in to the vRealize Log Insight web user interface as a user with the Edit Admin permission.

b From the drop-down menu on the upper right, select Content Packs.

c Click Marketplace under Content Pack Marketplace on the left.

d Click OpenStack.

e Select the check box to agree to the terms of the license agreement.

f Click Install.

For more information about vRealize Log Insight content packs, see "Working with Content Packs" in the Using vRealize Log Insight document for your version.

2 If you did not configure a syslog server when deploying OpenStack, modify your deployment configuration to send logs to vRealize Log Insight.

a Log in to the Integrated OpenStack Manager web interface as the admin user.

b In OpenStack Deployment, click the name of your deployment and open the Manage tab.


VMware, Inc. 32

https://marketplace.vmware.com/vsx/solutions/management-pack-for-nsx-for-vsphere

https://marketplace.vmware.com/vsx/solutions/management-pack-for-nsx-for-vsphere

https://marketplace.vmware.com/vsx/solutions/openstack-content-pack

c On the Settings tab, select Log Management and click Edit.

d Enter the IP address and port of your vRealize Log Insight syslog server and click OK.

You can monitor OpenStack data in vRealize Log Insight on the dashboards under Content Pack Dashboards > OpenStack. You can check the status of your log analytics integration by running the viocli get deployment command.

Enable the Designate ComponentDesignate is a component of OpenStack that provides DNS as a service, including domain name registration and zone and record set management for OpenStack clouds.

After deploying VMware Integrated OpenStack, you can enable Designate to provide DNS functions. Enabling or disabling Designate may temporarily affect other OpenStack services.

For more information about Designate, see the OpenStack Designate documentation at https://docs.openstack.org/designate/stein.

Prerequisites

VMware Integrated OpenStack supports Infoblox, Bind9, PowerDNS, and Microsoft DNS back-end servers for Designate. The prerequisites for each type of DNS server are listed as follows.

Infoblox:

1 Ensure that the DNS server can communicate with the VMware Integrated OpenStack API access network.

2 On the Infoblox server, create a user for Designate to use.

3 Create one name server group to serve Designate zones.

a Set the Designate mDNS servers as external primaries.

b Set all IP addresses on the eth1 interface of the load balancer node as external primaries.

c Add a grid member as a grid secondary and select the Lead Secondary option for this member.

d Add additional grid secondaries as needed.

Bind9:


2 Enable rndc addzone and rndc delzone functionality to allow receipt of a NOTIFY message from a non-master node. Open named.conf.options or named.conf in a text editor and add the following lines in the options section:

allow-new-zones yes;

allow-notify{any;};

3 Restart the Bind9 server.


VMware, Inc. 33

https://docs.openstack.org/designate/stein/

https://docs.openstack.org/designate/stein/

PowerDNS:


2 Enable the API in the pdns.conf file.

3 In the pdns.conf file, add the trusted-notification-proxy parameter and set its value to the IP address of the eth1 interface of each controller node, separated by commas:

trusted-notification-proxy=controller1-eth1-ip,...

Microsoft DNS:


2 On the Microsoft DNS server, add inbound rules allowing communication on port 5358 over TCP and UDP.

3 Install Python 2.7, the Microsoft Visual C++ Compiler for Python 2.7, and the pip package installer.

4 Install Designate version 8.0.0.

pip install designate==8.0.0

5 Write the following information to a file named designate.conf:

[service:agent]

backend_driver = msdns

masters = mgmt-server-ip:53

6 Open Command Prompt as an administrator and start the Designate agent using the designate.conf file:

designate-agent --config-file path/designate.conf

The Designate agent must remain open while Designate is in use.

Procedure


2 In OpenStack Deployment, click the name of your deployment and open the Manage tab.

3 On the Settings tab, select Configure Designate and click Enable.


VMware, Inc. 34

4 Select your back end and enter the required parameters.

n Infoblox back end

Option Description

DNS server Enter the IP address of the Infoblox server.

DNS port Enter the port on the Infoblox server for the DNS service. The default value is 53.

WAPI URL Enter the Infoblox WAPI URL. The default is https://infoblox-server/wapi/wapi-version/.

Note The URL must end with a slash (/).

Username Enter the username for Designate to access the Infoblox API.

Password Enter the password for the Infoblox username.

Confirm password Confirm the password for the Infoblox username.

NS group Specify the name server group to serve Designate zones.

n Bind9 back end

Option Description

DNS server Enter the IP address of the Bind9 server.

DNS port Enter the port on the Bind9 server for the DNS service. The default value is 53.

RNDC host Enter the IP address of the Remote Name Daemon Control (RNDC) server. The default value is the IP address of the Bind9 server.

RNDC port Enter the port for the RNDC service. The default value is 953.

RNDC key Enter the contents of the /etc/bind/rndc.key file.

n PowerDNS back end

Option Description

DNS server Enter the IP address of the PowerDNS server.

DNS port Enter the port on the PowerDNS server for the DNS service. The default value is 53.

API endpoint Enter the PowerDNS API endpoint URL. The default value is http://powerdns-server/8081.

API key Enter the value of api-key in the /etc/powerdns/pdns.conf file.

n Microsoft DNS back end

Option Description

DNS server Enter the IP address of the Microsoft DNS server.

DNS port Enter the port on the Microsoft DNS server for the DNS service. The default value is 53.


VMware, Inc. 35

Option Description

Agent server Enter the IP address of the host where the Designate agent is running.

Agent port Enter the port to use for the Designate agent service. The default value is 5358.

5 Click Validate. Once validation has finished, click OK.

Tenants can now create DNS zones using the VMware Integrated OpenStack dashboard. For instructions, see "Create a DNS Zone" in the VMware Integrated OpenStack Administration Guide.

Enable Carrier Edition FeaturesYou can enable VMware Integrated OpenStack Carrier Edition features through the Integrated OpenStack Manager web interface.

Prerequisites

Assign a Carrier Edition license to your VMware Integrated OpenStack deployment. See Assign the VMware Integrated OpenStack License Key.

For information about licensing, see VMware Integrated OpenStack Licensing.

Procedure



3 On the Settings tab, select Configure Carrier Edition and click Enable.

You can now configure your deployment to use Carrier Edition features.

Enable the Ceilometer ComponentCeilometer is a component of OpenStack that polls, collects, and publishes OpenStack service data. The VMware Integrated OpenStack implementation of Ceilometer includes the Aodh, Panko, and Gnocchi projects.

After deploying VMware Integrated OpenStack, you can enable Ceilometer to perform telemetry functions. Enabling or disabling Ceilometer may temporarily affect other OpenStack services.

For more information about Ceilometer, see the OpenStack Ceilometer documentation at https://docs.openstack.org/ceilometer/stein.

Prerequisites

Verify that the CPUs on the ESXi host running the Integrated OpenStack Manager support Advanced Vector Extensions (AVX).


VMware, Inc. 36

https://docs.openstack.org/ceilometer/stein/

https://docs.openstack.org/ceilometer/stein/

Procedure



3 On the Settings tab, select Configure Ceilometer and click Enable.

The Kubernetes pods required by Ceilometer are created and the services are enabled.

What to do next

If you no longer want to use Ceilometer, you can disable it on this page. This will stop the Ceilometer service and remove all Ceilometer nodes.


VMware, Inc. 37

Upgrading VMware Integrated OpenStack 6You upgrade to VMware Integrated OpenStack 6.0 by creating a new deployment and migrating to it.

You can upgrade from VMware Integrated OpenStack 5.1 to VMware Integrated OpenStack 6.0. If you are running an older version, first upgrade to 5.1 and then upgrade to 6.0.

In the upgrade procedure, you create a VMware Integrated OpenStack 6.0 deployment and migrate your existing deployment to it. This procedure requires that you have sufficient hardware and IP address resources to support two deployments temporarily.

You can revert to the pre-upgrade version if the upgrade is not successful or if you no longer want to use version 6.0. To revert an upgrade, see Revert to a Previous VMware Integrated OpenStack Deployment .

Note the following differences between a new VMware Integrated OpenStack 6.0 deployment and a deployment that has been upgraded from a previous version:

n The OpenStack region name of a new VMware Integrated OpenStack 6.0 deployment is RegionOne. The OpenStack region name of an upgraded deployment is nova.

n The names of Nova compute nodes in a new VMware Integrated OpenStack 6.0 deployment are in the following format: compute-vcenter-id-cluster-moid. The names of Nova compute nodes in an upgraded deployment are in the following format: nova-compute-number. After the deployment is upgraded, new Nova compute nodes use the new naming format, including nodes that are deleted and recreated.

n A new VMware Integrated OpenStack 6.0 deployment includes the service and default domains only. The service domain contains accounts used by OpenStack services, and the Default domain contains accounts used by OpenStack users, including the admin account. An upgraded deployment also contains the local domain for backward compatibility.


n Upgrade VMware Integrated OpenStack

n Revert to a Previous VMware Integrated OpenStack Deployment

Upgrade VMware Integrated OpenStackYou upgrade to VMware Integrated OpenStack 6.0 by installing the new version and migrating your existing deployment.

VMware, Inc. 38

Prerequisites

n Download the VMware Integrated OpenStack 6.0 OVA and upgrade conversion script from the product download page at https://my.vmware.com/en/group/vmware/info?slug=infrastructure_operations_management/vmware_integrated_openstack/6_0. The files require approximately 6 GB of storage space.

n Verify that your environment meets the requirements for VMware Integrated OpenStack 6.0. See Hardware Requirements for VMware Integrated OpenStack and Software Requirements for VMware Integrated OpenStack.

If you have enabled Ceilometer, verify that the CPUs on the ESXi host that will run the new Integrated OpenStack Manager support Advanced Vector Extensions (AVX). IF AVX is not supported, you must disable Ceilometer before upgrading.

n Record any custom changes made to the OpenStack deployment outside of the custom.yml and custom-playbook.yml files. Any customizations not included in these files will not take effect on the new version and must be configured again on the new deployment once the upgrade is complete.

n If you have configured identity federation with VMware Identity Manager using the OIDC protocol, delete the configured identity provider before upgrading. You can add the identity provider again once the upgrade is complete.

To delete the provider, run the openstack identity provider delete idp-name command.

n If you have configured VMware Integrated OpenStack to use an NSX Manager cluster, remove this configuration before upgrading. To do so, change the value of the nsxv3_api_managers parameter to include only the IP address of the parent NSX Manager. You can add the other managers in your cluster once the upgrade is complete.

n If you have deployed Swift, record your cluster configuration. Swift clusters cannot be upgraded to VMware Integrated OpenStack 6.0, and the Swift configuration is not preserved. If you want to continue using Swift, you can recreate your cluster after the upgrade is complete.

n Verify that no internal OpenStack management workloads are running.

n Verify that your current deployment is running VMware Integrated OpenStack 5.1. If you are running an older version, upgrade to version 5.1 first.

Procedure

1 Add IP Addresses to the Network Configuration

Before upgrading, ensure that your management and API access networks include sufficient IP addresses to support the existing and new deployments concurrently.

2 Install the New Virtual Appliance

You install the VMware Integrated OpenStack 6.0 virtual appliance on your existing vCenter Server instance.


VMware, Inc. 39



3 Migrate to the New VMware Integrated OpenStack Deployment

You run an upgrade conversion script on your old deployment to generate the files needed to upgrade. Then you apply the upgrade files on your new deployment to complete the migration process.

4 Upgrade and Assign Your License Key

After you upgrade to VMware Integrated OpenStack 6.0, you must upgrade your license key in My VMware and assign it to your new deployment.

5 Delete the Old VMware Integrated OpenStack Deployment

After you upgrade VMware Integrated OpenStack, you can delete virtual machines from the previous version to release resources.

Add IP Addresses to the Network ConfigurationBefore upgrading, ensure that your management and API access networks include sufficient IP addresses to support the existing and new deployments concurrently.

Note IP addresses from other networks segments cannot be added to the management or API access networks.

In VMware Integrated OpenStack 6.0, each worker node requires one IP address on the management network and one IP address on the API access network. This means that the management and API access networks require at least three available IP addresses each for HA deployments and at least one available IP address each for non-HA deployments.

The IP addresses that you configure in this procedure are permanent. After you migrate to the new deployment, these IP addresses will be used instead of the IP addresses assigned to your existing deployment. You will need to update any DNS entries or other references to VMware Integrated OpenStack IP addresses once the upgrade is finished.

Important Do not include the IP address of the Integrated OpenStack Manager in the management network IP range. If you have already allocated additional IP addresses for upgrades, assign the first available IP address to the Integrated OpenStack Manager and remove it from the management network IP range.

Procedure

1 In the vSphere Client, select Menu > VMware Integrated OpenStack.

2 Click OpenStack Deployments and open the Manage tab.

3 On the Networks tab, click the Options (three dots) icon next to the management network and select Add IP Range.

4 Specify an IP address range for the management network of the new deployment.

The management network cannot include more than 100 IP addresses.

5 Click the Options (three dots) icon next to the API access network and select Add IP Range.


VMware, Inc. 40

6 Specify an IP address range for the API access network of the new deployment.

The API access network cannot include more than 100 IP addresses.

What to do next

Install the new version of VMware Integrated OpenStack on your vCenter Server instance.

Install the New Virtual ApplianceYou install the VMware Integrated OpenStack 6.0 virtual appliance on your existing vCenter Server instance.

This procedure describes how to install the VMware Integrated OpenStack using the vSphere Client. If you want to use the OVF Tool to install the virtual appliance, you must include the --allowExtraConfig parameter.

Prerequisites

Confirm that your management and API access networks include sufficient IP addresses for the new installation. See Add IP Addresses to the Network Configuration.

Procedure

1 Log in to the vSphere Client and select the Hosts and Clusters view.

2 Edit the settings of the management cluster previously configured for VMware Integrated OpenStack and set DRS Automation to Manual.

3 Right-click the management cluster and select Deploy OVF Template... from the pop-up menu.

4 Provide the path to the VMware Integrated OpenStack OVA and click Next.

5 Enter a name for the new VMware Integrated OpenStack vApp, select your data center, and click Next.

Note The name of the VMware Integrated OpenStack vApp can contain only letters, numbers, and underscores (_). The name cannot exceed 60 characters, and the combination of the vApp name and cluster name cannot exceed 80 characters.

6 Select the cluster on which to run the vApp and click Next.

7 Review the details of the template to be installed and click Next.

8 Read the license agreements and select I accept all license agreements. Then click Next.

9 Specify a provisioning format and storage policy, select the datastore on which the vApp files will be stored, and click Next.

For more information about provisioning formats, see "About Virtual Disk Provisioning Policies" in vSphere Virtual Machine Administration.

10 In the Destination Network column, select the existing management network and click Next.


VMware, Inc. 41

11 On the Customize template page, enter additional settings for VMware Integrated OpenStack.

a Under Network properties, you can enter static IP addresses for the Integrated OpenStack Manager virtual machine and DNS server.

If you want to use DHCP, leave all fields blank. If you enter a static IP address for the Integrated OpenStack Manager, you must also enter the subnet mask, default gateway, and DNS server.

b Under System, enter an initial password for the administrator accounts on the Integrated OpenStack Manager.

This password is used for the admin account on the web interface and the root user on the Integrated OpenStack Manager virtual machine. The following rules apply to the password:

n The password must contain between 8 and 128 characters.

n The password must contain at least 1 uppercase letter, 1 lowercase letter, 1 digit, and 1 special character.

n The password cannot contain simplistic patterns, common words, or words derived from the name of the account.

c For Permit Root Logon, select true.

d Under Internal Network, enter the network address of the Kubernetes service network, the network address of the Kubernetes pod network, and the domain name suffix of the service network.

Note The service and pod networks must not overlap each other or any existing networks. The service network domain suffix must not overlap any existing domains.

For example, if your current domain is named corp.local, you cannot use cluster.local as your service network domain. Use a different domain suffix, such as cluster.example.

e (Optional) Under Log Management, enter the IP address and port number of your log analytics server.

You can add or update the log analytics server information after the deployment is finished.

f (Optional) Under Time Management, enter one or more NTP servers to use for time synchronization.

All VMware Integrated OpenStack virtual machines must use a single, highly available time source. If you cannot configure a time source on all ESXi hosts, you must enter an NTP server in this field.

12 Once All properties have valid values is displayed in the upper left of the page, click Next.

13 On the Ready to complete page, review your settings. When you are satisfied that the settings are correct, click Finish to install the vApp.

14 Right-click the name of the VMware Integrated OpenStack vApp and select Power > Power On.


VMware, Inc. 42

15 Select the new Integrated OpenStack Manager virtual machine in the vApp and record its IP address.

You can access this IP address to log in to the new Integrated OpenStack Manager through the web interface or SSH.

What to do next

Migrate your deployment to the new version.

Migrate to the New VMware Integrated OpenStack DeploymentYou run an upgrade conversion script on your old deployment to generate the files needed to upgrade. Then you apply the upgrade files on your new deployment to complete the migration process.

Prerequisites

n Install the VMware Integrated OpenStack 6.0 virtual appliance. See Install the New Virtual Appliance.

n Confirm that your existing VMware Integrated OpenStack deployment is running properly. On the old OpenStack Management Server, run the viocli deployment status command.

n Verify that the backup functionality on the existing VMware Integrated OpenStack deployment works properly and that the disk is not full.

n Transfer the upgrade conversion script to the old OpenStack Management Server.

Procedure

1 Log in to the old OpenStack Management Server as viouser.

2 Switch to the root user.

sudo su -

3 Decompress and run the upgrade conversion script.

tar -xzf vio-upgrade-6.0-build-number.tar.gz

cd upgrade

./upgrade.sh

Before running the script, you must change the current working directory to the directory containing the script.

When prompted, enter the password for the viouser account.

The script collects a support bundle, backs up the OpenStack database, and generates the following files:

n /tmp/pre_upgrade/upgrade.tar.gz

n ./cluster.yaml

n ./restore.yaml


VMware, Inc. 43

n ./themes.tar (only if you have previously customized the VMware Integrated OpenStack dashboard theme)

4 Stop the old VMware Integrated OpenStack deployment.

sudo viocli deployment stop

Note OpenStack services will be unavailable until the migration process is finished.

5 In the vSphere Client, create a content library named VIO.

6 Upload the /tmp/pre_upgrade/upgrade.tar.gz file to the content library.

If the themes.tar file was generated, upload the file to the content library also.

7 Transfer the cluster.yaml and restore.yaml files to the new Integrated OpenStack Manager.

8 Log in to the new Integrated OpenStack Manager as the root user.

9 Apply the cluster configuration file to the new VMware Integrated OpenStack deployment.

kubectl -n openstack create -f cluster.yaml

10 Apply the upgrade configuration file to the new VMware Integrated OpenStack deployment.

kubectl -n openstack apply -f restore.yaml

OpenStack services are now provided by the new deployment.

What to do next

n Assign your VMware Integrated OpenStack license key to the new deployment. See Upgrade and Assign Your License Key.

n Update any DNS entries to use the IP addresses of the new VMware Integrated OpenStack deployment.

n For NSX-T Data Center deployments, update the metadata proxy configuration in NSX Manager to use the private OpenStack endpoint of the new deployment.

n For VDS deployments, update the Neutron configuration to create four DHCP agents per network.

a Log in to the new Integrated OpenStack Manager as the root user.

b Modify the Neutron configuration.

viocli update neutron

c In the conf section, create the neutron section. In the neutron section, create the DEFAULT section.

d In the DEFAULT section, add the dhcp_agents_per_network parameter and set its value to "4".


VMware, Inc. 44

The configuration file now looks similar to the following:

conf:

plugins:

[...]

neutron:

DEFAULT:

dhcp_agents_per_network: "4"

manifests:

[...]

If the upgrade is unsuccessful or you do not want to use the new version, you can revert to your previous VMware Integrated OpenStack deployment. See Revert to a Previous VMware Integrated OpenStack Deployment .

If the upgrade is successful, you can delete the old VMware Integrated OpenStack deployment. See Delete the Old VMware Integrated OpenStack Deployment.

Upgrade and Assign Your License KeyAfter you upgrade to VMware Integrated OpenStack 6.0, you must upgrade your license key in My VMware and assign it to your new deployment.

Procedure

1 Upgrade your license key as described in KB 2006974.

2 Log in to the OpenStack Management Server web interface as the admin user.

3 Select Licenses and click Add.

4 Enter a name for your license key.

The name cannot exceed 253 characters. It can only contain letters, digits, spaces, hyphens (-), and periods (.) and must start and end with a letter or digit.

5 Enter your license key and click OK.

6 Select your license key, click Assign, and click OK.

Your license key is displayed in the table with related information. You can repeat this procedure to add more licenses as needed for your deployment.


VMware, Inc. 45

https://kb.vmware.com/s/article/2006974

Delete the Old VMware Integrated OpenStack DeploymentAfter you upgrade VMware Integrated OpenStack, you can delete virtual machines from the previous version to release resources.

Important n After you delete the deployment, you cannot revert to the previous version. Do not delete the

deployment until all validation tasks have been completed and you are certain that you will not need to revert to the previous version.

n Do not use the VMware Integrated OpenStack plugin in vCenter Server to delete the deployment.

n For NSX Data Center for vSphere deployments, do not remove edge nodes from the edge cluster.

Procedure

1 In the vSphere Client, delete the VMware Integrated OpenStack controller virtual machines.

2 Delete the Integrated OpenStack Manager virtual machine.

Revert to a Previous VMware Integrated OpenStack DeploymentYou can revert to the previous VMware Integrated OpenStack deployment if the upgrade failed or if you do not want to use the new version.

Important The old deployment is required for reversion. If you have already deleted the old deployment, you cannot revert to the previous version.

Procedure

1 In the vSphere Client, power off and delete the new VMware Integrated OpenStack virtual appliance and any virtual machines generated by the new deployment.

2 Log in to the old OpenStack Management Server as viouser.

3 Start the previous OpenStack deployment.

sudo viocli deployment start

4 Delete the upgrade conversion script files from the OpenStack Management Server.


VMware, Inc. 46

VMware Integrated OpenStack Installation and Configuration ... · n Ceilometer (telemetry),...

Documents

Transcript of VMware Integrated OpenStack Installation and Configuration ... · n Ceilometer (telemetry),...